program:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0x68f, 0x55595659, 0x2, @discrete={0xfff, 0x5}})
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x3, 0x0)
ioctl$EVIOCGBITSW(r1, 0x80404525, &(0x7f0000000140)=""/148)
socket$unix(0x1, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000007c0)=ANY=[@ANYBLOB="1400000010000180000a0000954af03173c48cdeeff6e3412d7421000000000000000a208cb4b3000000000a01010000000000000000020000000900010073797a30000040000000030a09020000000000002000020000000900010073797a30000000000900030073797a3229fb228d87188c00000000140804800800014000000000080002400000000014000000110001000000005d20ee608aea1b1c8fd726c1cae2c6d312b87f7d43494526bb461cac0e7a53b02a74537cd7e69fc85dd2cacbce11c8e9de5d488b0a25d22285a9dde3301fb2410a8852c37d15103c4298a94615a65634a29bedfbcd567097704d8cf91436dabc182e47085f416724aefaa43f88507349928b587a8fbeba817c9dd45ef1a2da0ab14255b631e4930404f3583bba3c4d4e54eb9435b704000000f4a6f6dc30a484b441ddf43f8ecfb8cf419a2aa22b0e563cc38d7bb03c5b6a3278a47d87e6"], 0x88}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000004000000000000000002000000400004803c0001800e000100696d6d6564696174650000002800028008000140000000001c000280180002800900020073797a320000000008000180fffffffd0900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a00"/148], 0x94}}, 0x800)
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000680)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6e6f757365725f78617474722c636f686572656e63793d66756c6c2c646174613d77726974656261636b2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030312c61636c2c6e6f61636c2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030302c00a89f6b8d5800aa954e6c8735dcd52921ce08462fb4ce7c1600883251443ac332f4d17b77d29867e4321610936dbc5963e9fb59a032c92e32ebffc3b739951e866d52bff6bd63136a656222062a8eea0cf97480bc8ac6c0e8a2aa38ffa8fa758cd54b9ef39a7f536d7b85173a83c34d78e210ecf4d040817bbe989e9eb015acb84bb90577b8b405a48292eeca69f5275cb7b7027d4bf643bd69b034c0221a30"], 0x1, 0x4430, &(0x7f00000088c0)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0fVK+BeI301qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+ZAcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgq7dIzSQBCFAfjNWKidx7BadjvbFUW0cEXwBHoMD6NH8RLeIUWKtClCIJmFsNmFbZLq+5oH8zPzHswDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANiyAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04FgAAAAAQ5m8dRd8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD///z/H5w=")
ioctl$KVM_GET_SREGS(0xffffffffffffffff, 0x8138ae83, &(0x7f00000004c0))
io_setup(0x202, &(0x7f0000000200)=<r4=>0x0)
r5 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x42200)
r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000280), 0x20000, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r6, 0x40405515, &(0x7f00000002c0)={0x0, 0x1, 0x9e7, 0x1, 'syz0\x00', 0x9})
ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f0000000140)={"fbff0a00", 0x5b, 0x5, 0x3, 0x14625b, 0x3, "000000ff000700000009000000fbff", '\x00', "05030400", '\x00', ["9ef806070000007eff7d7f00", "0000000000000000008000", "ffffff0200ffff7f00", "00720cf44bffff00e9004300"]})
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000002a00), 0x800, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000000)={'pimreg\x00', 0x1})
io_submit(r4, 0x1, &(0x7f0000000400)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0xc, r7, &(0x7f00000000c0)=']', 0x1, 0x1}])
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0x10, 0x2, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1}, {0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000880}, 0x0)
getsockname$packet(r9, &(0x7f0000000200)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=ANY=[@ANYBLOB="2c0000001800dd8d00000001000000a01c150002000000000000060000000008001e000200000008", @ANYRES32=r10, @ANYBLOB], 0x2c}}, 0x4010)
r11 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r12 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_clone(0x6b809200, 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(r11, r12, 0x0, 0xfffe82)

[   68.315547][ T4664] Bluetooth: hci0: command tx timeout
[   68.706884][ T5317] loop0: detected capacity change from 0 to 32768
[   68.715047][ T5317] =======================================================
[   68.715047][ T5317] WARNING: The mand mount option has been deprecated and
[   68.715047][ T5317]          and is ignored by this kernel. Remove the mand
[   68.715047][ T5317]          option from the mount to silence this warning.
[   68.715047][ T5317] =======================================================
[   68.806402][ T5317] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[   68.877635][ T5318] netlink: 16 bytes leftover after parsing attributes in process `syz.0.0'.
[   68.888272][   T25] audit: type=1800 audit(1746267298.626:2): pid=5318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=17058 res=0 errno=0
[   68.959281][ T5323] ==================================================================
[   68.962715][ T5323] BUG: KASAN: use-after-free in ocfs2_claim_suballoc_bits+0x9b2/0x2310
[   68.966381][ T5323] Read of size 4 at addr ffff88805342b000 by task syz.0.0/5323
[   68.969552][ T5323] 
[   68.970913][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.15.0-rc4-syzkaller-00256-g95d3481af6dc #0 PREEMPT(full) 
[   68.970929][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.970936][ T5323] Call Trace:
[   68.970944][ T5323]  <TASK>
[   68.970950][ T5323]  dump_stack_lvl+0x189/0x250
[   68.970972][ T5323]  ? __virt_addr_valid+0x18c/0x540
[   68.970986][ T5323]  ? rcu_is_watching+0x15/0xb0
[   68.970999][ T5323]  ? __kasan_check_byte+0x12/0x40
[   68.971014][ T5323]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.971027][ T5323]  ? rcu_is_watching+0x15/0xb0
[   68.971041][ T5323]  ? lock_release+0x4b/0x3e0
[   68.971055][ T5323]  ? __virt_addr_valid+0x18c/0x540
[   68.971067][ T5323]  ? __virt_addr_valid+0x469/0x540
[   68.971080][ T5323]  print_report+0xb4/0x290
[   68.971093][ T5323]  ? ocfs2_claim_suballoc_bits+0x9b2/0x2310
[   68.971106][ T5323]  kasan_report+0x118/0x150
[   68.971119][ T5323]  ? ocfs2_claim_suballoc_bits+0x9b2/0x2310
[   68.971136][ T5323]  ocfs2_claim_suballoc_bits+0x9b2/0x2310
[   68.971154][ T5323]  ? __pfx_ocfs2_claim_suballoc_bits+0x10/0x10
[   68.971169][ T5323]  ? ocfs2_reserve_suballoc_bits+0x15e/0x45f0
[   68.971182][ T5323]  ? unwind_next_frame+0xa5/0x2390
[   68.971194][ T5323]  ? __kasan_check_byte+0x12/0x40
[   68.971206][ T5323]  ? down_write+0x162/0x1f0
[   68.971264][ T5323]  ? __bfs+0x151/0x2a0
[   68.971277][ T5323]  ? __pfx_hlock_conflict+0x10/0x10
[   68.971287][ T5323]  ? rcu_is_watching+0x15/0xb0
[   68.971302][ T5323]  __ocfs2_claim_clusters+0x307/0x910
[   68.971317][ T5323]  ? __pfx___ocfs2_claim_clusters+0x10/0x10
[   68.971332][ T5323]  ? ocfs2_num_free_extents+0x347/0x620
[   68.971345][ T5323]  ? __pfx_ocfs2_num_free_extents+0x10/0x10
[   68.971357][ T5323]  ? lockdep_unlock+0x89/0x120
[   68.971369][ T5323]  ? validate_chain+0x897/0x2140
[   68.971379][ T5323]  ocfs2_add_clusters_in_btree+0x336/0xf80
[   68.971389][ T5323]  ? check_path+0x21/0x40
[   68.971395][ T5323]  ? __pfx_ocfs2_add_clusters_in_btree+0x10/0x10
[   68.971403][ T5323]  ? lockdep_unlock+0x89/0x120
[   68.971410][ T5323]  ? validate_chain+0x897/0x2140
[   68.971418][ T5323]  ocfs2_add_inode_data+0xce/0x120
[   68.971428][ T5323]  ? __pfx_ocfs2_add_inode_data+0x10/0x10
[   68.971436][ T5323]  ? __lock_acquire+0xaac/0xd20
[   68.971449][ T5323]  ? __pfx_ocfs2_journal_access_di+0x10/0x10
[   68.971463][ T5323]  ? __mutex_trylock_common+0x153/0x260
[   68.971474][ T5323]  ocfs2_write_cluster_by_desc+0x530/0x1c90
[   68.971493][ T5323]  ? __pfx_ocfs2_write_cluster_by_desc+0x10/0x10
[   68.971507][ T5323]  ? jbd2_write_access_granted+0x69/0x310
[   68.971524][ T5323]  ? __ocfs2_journal_access+0x621/0x820
[   68.971539][ T5323]  ? ocfs2_grab_folios_for_write+0xa57/0xd80
[   68.971552][ T5323]  ? __pfx_ocfs2_grab_folios_for_write+0x10/0x10
[   68.971563][ T5323]  ? rcu_is_watching+0x15/0xb0
[   68.971577][ T5323]  ? ocfs2_write_begin_nolock+0xeb9/0x4340
[   68.971589][ T5323]  ? ocfs2_metadata_cache_get_super+0x43/0x80
[   68.971600][ T5323]  ? ocfs2_inode_cache_get_super+0xd/0x40
[   68.971611][ T5323]  ocfs2_write_begin_nolock+0x31a3/0x4340
[   68.971633][ T5323]  ? __pfx_ocfs2_write_begin_nolock+0x10/0x10
[   68.971646][ T5323]  ? __bfs+0x151/0x2a0
[   68.971661][ T5323]  ? check_path+0x21/0x40
[   68.971669][ T5323]  ? check_noncircular+0xe0/0x160
[   68.971679][ T5323]  ? lockdep_unlock+0x89/0x120
[   68.971687][ T5323]  ? validate_chain+0x897/0x2140
[   68.971694][ T5323]  ? __pfx_ocfs2_journal_access_di+0x10/0x10
[   68.971704][ T5323]  ? __lock_acquire+0xaac/0xd20
[   68.971717][ T5323]  ? ocfs2_dio_wr_get_block+0x8ee/0x1770
[   68.971731][ T5323]  ? down_write+0x162/0x1f0
[   68.971743][ T5323]  ? __pfx_down_write+0x10/0x10
[   68.971755][ T5323]  ? __kasan_kmalloc+0x93/0xb0
[   68.971768][ T5323]  ? ocfs2_dio_wr_get_block+0x476/0x1770
[   68.971781][ T5323]  ocfs2_dio_wr_get_block+0xb6f/0x1770
[   68.971798][ T5323]  ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10
[   68.971811][ T5323]  ? iov_iter_bvec_advance+0x226/0x230
[   68.971825][ T5323]  ? iov_iter_extract_bvec_pages+0x729/0x7d0
[   68.971838][ T5323]  ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10
[   68.971845][ T5323]  __blockdev_direct_IO+0x1649/0x3310
[   68.971857][ T5323]  ? __pfx___blockdev_direct_IO+0x10/0x10
[   68.971867][ T5323]  ? __pfx_invalidate_inode_pages2_range+0x10/0x10
[   68.971909][ T5323]  ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10
[   68.971922][ T5323]  ? filemap_write_and_wait_range+0x182/0x310
[   68.971945][ T5323]  ? __pfx_filemap_write_and_wait_range+0x10/0x10
[   68.971971][ T5323]  ? __pfx_queue_delayed_work_on+0x10/0x10
[   68.971986][ T5323]  ? _raw_spin_lock_irq+0xae/0xf0
[   68.972001][ T5323]  ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10
[   68.972023][ T5323]  ocfs2_direct_IO+0x25f/0x2d0
[   68.972042][ T5323]  generic_file_direct_write+0x1d8/0x3e0
[   68.972059][ T5323]  ? file_update_time+0x416/0x490
[   68.972081][ T5323]  __generic_file_write_iter+0x11d/0x230
[   68.972098][ T5323]  ? ocfs2_file_write_iter+0x1551/0x1d10
[   68.972117][ T5323]  ocfs2_file_write_iter+0x157a/0x1d10
[   68.972129][ T5323]  ? kasan_save_track+0x3e/0x80
[   68.972142][ T5323]  ? __kasan_kmalloc+0x93/0xb0
[   68.972159][ T5323]  ? __kmalloc_noprof+0x27a/0x4f0
[   68.972181][ T5323]  ? __pfx_ocfs2_file_write_iter+0x10/0x10
[   68.972203][ T5323]  ? splice_from_pipe_next+0x608/0x660
[   68.972221][ T5323]  ? __asan_memset+0x22/0x50
[   68.972235][ T5323]  iter_file_splice_write+0x937/0x1000
[   68.972258][ T5323]  ? __pfx_iter_file_splice_write+0x10/0x10
[   68.972274][ T5323]  ? rcu_read_lock_any_held+0xb3/0x120
[   68.972290][ T5323]  ? __pfx_iter_file_splice_write+0x10/0x10
[   68.972309][ T5323]  direct_splice_actor+0xfe/0x160
[   68.972328][ T5323]  splice_direct_to_actor+0x5a5/0xcc0
[   68.972349][ T5323]  ? __pfx_direct_splice_actor+0x10/0x10
[   68.972365][ T5323]  ? __pfx_splice_direct_to_actor+0x10/0x10
[   68.972382][ T5323]  ? __pfx_aa_file_perm+0x10/0x10
[   68.972399][ T5323]  do_splice_direct+0x181/0x270
[   68.972419][ T5323]  ? __pfx_do_splice_direct+0x10/0x10
[   68.972436][ T5323]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   68.972456][ T5323]  ? rw_verify_area+0x258/0x650
[   68.972472][ T5323]  do_sendfile+0x4da/0x7d0
[   68.972494][ T5323]  ? __pfx_count_memcg_event_mm+0x10/0x10
[   68.972511][ T5323]  ? __pfx_do_sendfile+0x10/0x10
[   68.972531][ T5323]  __se_sys_sendfile64+0x13e/0x190
[   68.972551][ T5323]  ? __pfx___se_sys_sendfile64+0x10/0x10
[   68.972569][ T5323]  ? do_syscall_64+0xba/0x210
[   68.972587][ T5323]  do_syscall_64+0xf6/0x210
[   68.972603][ T5323]  ? clear_bhb_loop+0x45/0xa0
[   68.972619][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.972633][ T5323] RIP: 0033:0x7fd6f118e969
[   68.972646][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.972659][ T5323] RSP: 002b:00007fd6f2056038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   68.972673][ T5323] RAX: ffffffffffffffda RBX: 00007fd6f13b6160 RCX: 00007fd6f118e969
[   68.972686][ T5323] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000010
[   68.972695][ T5323] RBP: 00007fd6f1210ab1 R08: 0000000000000000 R09: 0000000000000000
[   68.972702][ T5323] R10: 0000000000fffe82 R11: 0000000000000246 R12: 0000000000000000
[   68.972711][ T5323] R13: 0000000000000001 R14: 00007fd6f13b6160 R15: 00007ffc8c2b90d8
[   68.972722][ T5323]  </TASK>
[   68.972728][ T5323] 
[   69.269696][ T5323] The buggy address belongs to the physical page:
[   69.272381][ T5323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5342b
[   69.276118][ T5323] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[   69.279767][ T5323] raw: 04fff00000000000 ffffea00014d0b08 ffff88801fe3f8b0 0000000000000000
[   69.283533][ T5323] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   69.287161][ T5323] page dumped because: kasan: bad access detected
[   69.290004][ T5323] page_owner info is not present (never set?)
[   69.292589][ T5323] 
[   69.293607][ T5323] Memory state around the buggy address:
[   69.296064][ T5323]  ffff88805342af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   69.299344][ T5323]  ffff88805342af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   69.302657][ T5323] >ffff88805342b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.306676][ T5323]                    ^
[   69.308439][ T5323]  ffff88805342b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.312048][ T5323]  ffff88805342b100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   69.315421][ T5323] ==================================================================
[   69.347500][ T5323] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   69.351033][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.15.0-rc4-syzkaller-00256-g95d3481af6dc #0 PREEMPT(full) 
[   69.355801][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   69.360434][ T5323] Call Trace:
[   69.361885][ T5323]  <TASK>
[   69.363184][ T5323]  dump_stack_lvl+0x99/0x250
[   69.365209][ T5323]  ? __asan_memcpy+0x40/0x70
[   69.367156][ T5323]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.369221][ T5323]  ? __pfx__printk+0x10/0x10
[   69.371029][ T5323]  panic+0x2db/0x790
[   69.372439][ T5323]  ? __pfx_panic+0x10/0x10
[   69.374066][ T5323]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   69.376287][ T5323]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   69.378696][ T5323]  ? print_memory_metadata+0x314/0x400
[   69.380860][ T5323]  ? ocfs2_claim_suballoc_bits+0x9b2/0x2310
[   69.383420][ T5323]  check_panic_on_warn+0x89/0xb0
[   69.385601][ T5323]  ? ocfs2_claim_suballoc_bits+0x9b2/0x2310
[   69.388078][ T5323]  end_report+0x78/0x160
[   69.389898][ T5323]  kasan_report+0x129/0x150
[   69.391777][ T5323]  ? ocfs2_claim_suballoc_bits+0x9b2/0x2310
[   69.394740][ T5323]  ocfs2_claim_suballoc_bits+0x9b2/0x2310
[   69.397164][ T5323]  ? __pfx_ocfs2_claim_suballoc_bits+0x10/0x10
[   69.399717][ T5323]  ? ocfs2_reserve_suballoc_bits+0x15e/0x45f0
[   69.402239][ T5323]  ? unwind_next_frame+0xa5/0x2390
[   69.404361][ T5323]  ? __kasan_check_byte+0x12/0x40
[   69.406538][ T5323]  ? down_write+0x162/0x1f0
[   69.408534][ T5323]  ? __bfs+0x151/0x2a0
[   69.410309][ T5323]  ? __pfx_hlock_conflict+0x10/0x10
[   69.412621][ T5323]  ? rcu_is_watching+0x15/0xb0
[   69.414759][ T5323]  __ocfs2_claim_clusters+0x307/0x910
[   69.417108][ T5323]  ? __pfx___ocfs2_claim_clusters+0x10/0x10
[   69.419634][ T5323]  ? ocfs2_num_free_extents+0x347/0x620
[   69.422054][ T5323]  ? __pfx_ocfs2_num_free_extents+0x10/0x10
[   69.424896][ T5323]  ? lockdep_unlock+0x89/0x120
[   69.427538][ T5323]  ? validate_chain+0x897/0x2140
[   69.430140][ T5323]  ocfs2_add_clusters_in_btree+0x336/0xf80
[   69.432614][ T5323]  ? check_path+0x21/0x40
[   69.434511][ T5323]  ? __pfx_ocfs2_add_clusters_in_btree+0x10/0x10
[   69.437332][ T5323]  ? lockdep_unlock+0x89/0x120
[   69.439968][ T5323]  ? validate_chain+0x897/0x2140
[   69.442169][ T5323]  ocfs2_add_inode_data+0xce/0x120
[   69.444394][ T5323]  ? __pfx_ocfs2_add_inode_data+0x10/0x10
[   69.446766][ T5323]  ? __lock_acquire+0xaac/0xd20
[   69.448911][ T5323]  ? __pfx_ocfs2_journal_access_di+0x10/0x10
[   69.451539][ T5323]  ? __mutex_trylock_common+0x153/0x260
[   69.453964][ T5323]  ocfs2_write_cluster_by_desc+0x530/0x1c90
[   69.456519][ T5323]  ? __pfx_ocfs2_write_cluster_by_desc+0x10/0x10
[   69.459259][ T5323]  ? jbd2_write_access_granted+0x69/0x310
[   69.461764][ T5323]  ? __ocfs2_journal_access+0x621/0x820
[   69.464066][ T5323]  ? ocfs2_grab_folios_for_write+0xa57/0xd80
[   69.466450][ T5323]  ? __pfx_ocfs2_grab_folios_for_write+0x10/0x10
[   69.468946][ T5323]  ? rcu_is_watching+0x15/0xb0
[   69.471046][ T5323]  ? ocfs2_write_begin_nolock+0xeb9/0x4340
[   69.473575][ T5323]  ? ocfs2_metadata_cache_get_super+0x43/0x80
[   69.476016][ T5323]  ? ocfs2_inode_cache_get_super+0xd/0x40
[   69.478347][ T5323]  ocfs2_write_begin_nolock+0x31a3/0x4340
[   69.480701][ T5323]  ? __pfx_ocfs2_write_begin_nolock+0x10/0x10
[   69.483346][ T5323]  ? __bfs+0x151/0x2a0
[   69.485187][ T5323]  ? check_path+0x21/0x40
[   69.487775][ T5323]  ? check_noncircular+0xe0/0x160
[   69.489886][ T5323]  ? lockdep_unlock+0x89/0x120
[   69.491810][ T5323]  ? validate_chain+0x897/0x2140
[   69.493826][ T5323]  ? __pfx_ocfs2_journal_access_di+0x10/0x10
[   69.496323][ T5323]  ? __lock_acquire+0xaac/0xd20
[   69.498315][ T5323]  ? ocfs2_dio_wr_get_block+0x8ee/0x1770
[   69.500705][ T5323]  ? down_write+0x162/0x1f0
[   69.502747][ T5323]  ? __pfx_down_write+0x10/0x10
[   69.505063][ T5323]  ? __kasan_kmalloc+0x93/0xb0
[   69.507133][ T5323]  ? ocfs2_dio_wr_get_block+0x476/0x1770
[   69.509554][ T5323]  ocfs2_dio_wr_get_block+0xb6f/0x1770
[   69.511940][ T5323]  ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10
[   69.514422][ T5323]  ? iov_iter_bvec_advance+0x226/0x230
[   69.516579][ T5323]  ? iov_iter_extract_bvec_pages+0x729/0x7d0
[   69.518995][ T5323]  ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10
[   69.521338][ T5323]  __blockdev_direct_IO+0x1649/0x3310
[   69.523465][ T5323]  ? __pfx___blockdev_direct_IO+0x10/0x10
[   69.525715][ T5323]  ? __pfx_invalidate_inode_pages2_range+0x10/0x10
[   69.528534][ T5323]  ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10
[   69.531151][ T5323]  ? filemap_write_and_wait_range+0x182/0x310
[   69.534308][ T5323]  ? __pfx_filemap_write_and_wait_range+0x10/0x10
[   69.537039][ T5323]  ? __pfx_queue_delayed_work_on+0x10/0x10
[   69.539557][ T5323]  ? _raw_spin_lock_irq+0xae/0xf0
[   69.541781][ T5323]  ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10
[   69.544241][ T5323]  ocfs2_direct_IO+0x25f/0x2d0
[   69.546386][ T5323]  generic_file_direct_write+0x1d8/0x3e0
[   69.548831][ T5323]  ? file_update_time+0x416/0x490
[   69.551061][ T5323]  __generic_file_write_iter+0x11d/0x230
[   69.553517][ T5323]  ? ocfs2_file_write_iter+0x1551/0x1d10
[   69.555946][ T5323]  ocfs2_file_write_iter+0x157a/0x1d10
[   69.558342][ T5323]  ? kasan_save_track+0x3e/0x80
[   69.560444][ T5323]  ? __kasan_kmalloc+0x93/0xb0
[   69.562601][ T5323]  ? __kmalloc_noprof+0x27a/0x4f0
[   69.564876][ T5323]  ? __pfx_ocfs2_file_write_iter+0x10/0x10
[   69.567417][ T5323]  ? splice_from_pipe_next+0x608/0x660
[   69.569716][ T5323]  ? __asan_memset+0x22/0x50
[   69.571834][ T5323]  iter_file_splice_write+0x937/0x1000
[   69.574197][ T5323]  ? __pfx_iter_file_splice_write+0x10/0x10
[   69.576654][ T5323]  ? rcu_read_lock_any_held+0xb3/0x120
[   69.579026][ T5323]  ? __pfx_iter_file_splice_write+0x10/0x10
[   69.581490][ T5323]  direct_splice_actor+0xfe/0x160
[   69.584329][ T5323]  splice_direct_to_actor+0x5a5/0xcc0
[   69.586675][ T5323]  ? __pfx_direct_splice_actor+0x10/0x10
[   69.589016][ T5323]  ? __pfx_splice_direct_to_actor+0x10/0x10
[   69.591610][ T5323]  ? __pfx_aa_file_perm+0x10/0x10
[   69.593919][ T5323]  do_splice_direct+0x181/0x270
[   69.596366][ T5323]  ? __pfx_do_splice_direct+0x10/0x10
[   69.599337][ T5323]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   69.602006][ T5323]  ? rw_verify_area+0x258/0x650
[   69.604099][ T5323]  do_sendfile+0x4da/0x7d0
[   69.606074][ T5323]  ? __pfx_count_memcg_event_mm+0x10/0x10
[   69.608453][ T5323]  ? __pfx_do_sendfile+0x10/0x10
[   69.610492][ T5323]  __se_sys_sendfile64+0x13e/0x190
[   69.612766][ T5323]  ? __pfx___se_sys_sendfile64+0x10/0x10
[   69.615258][ T5323]  ? do_syscall_64+0xba/0x210
[   69.617207][ T5323]  do_syscall_64+0xf6/0x210
[   69.619118][ T5323]  ? clear_bhb_loop+0x45/0xa0
[   69.621047][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.623576][ T5323] RIP: 0033:0x7fd6f118e969
[   69.625560][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   69.634489][ T5323] RSP: 002b:00007fd6f2056038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   69.638097][ T5323] RAX: ffffffffffffffda RBX: 00007fd6f13b6160 RCX: 00007fd6f118e969
[   69.641605][ T5323] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000010
[   69.644855][ T5323] RBP: 00007fd6f1210ab1 R08: 0000000000000000 R09: 0000000000000000
[   69.648349][ T5323] R10: 0000000000fffe82 R11: 0000000000000246 R12: 0000000000000000
[   69.651794][ T5323] R13: 0000000000000001 R14: 00007fd6f13b6160 R15: 00007ffc8c2b90d8
[   69.655221][ T5323]  </TASK>
[   69.656817][ T5323] Kernel Offset: disabled
[   69.658718][ T5323] Rebooting in 86400 seconds..